ci: docker_tag=ext chore(back): v1.0.6 IdNot fallback via sub rattachements
All checks were successful
build-and-push-ext / build_push (push) Successful in 23s
All checks were successful
build-and-push-ext / build_push (push) Successful in 23s
This commit is contained in:
dev4
parent
58f2dfab52
commit
d3beff89c8
@ -41,3 +41,9 @@
|
|||||||
|
|
||||||
- IdNot: logs supplémentaires des claims du token (`sub`, `entity_idn`, `profile_idn`) et contrôle explicite de `profile_idn`.
|
- IdNot: logs supplémentaires des claims du token (`sub`, `entity_idn`, `profile_idn`) et contrôle explicite de `profile_idn`.
|
||||||
- Effet: en cas d’absence de `profile_idn`, retour 400 (ValidationError) au lieu d’un 502.
|
- Effet: en cas d’absence de `profile_idn`, retour 400 (ValidationError) au lieu d’un 502.
|
||||||
|
|
||||||
|
## v1.0.6
|
||||||
|
|
||||||
|
- IdNot: fallback quand `profile_idn` absent dans le token.
|
||||||
|
- Récupération des rattachements via `sub` puis sélection d’un rattachement d’étude (office) si présent.
|
||||||
|
- Objectif: permettre le login même si le JWT IdNot ne fournit pas `profile_idn`.
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "lecoffre-back-mini",
|
"name": "lecoffre-back-mini",
|
||||||
"version": "1.0.5",
|
"version": "1.0.6",
|
||||||
"description": "Mini serveur avec une route /api/ping",
|
"description": "Mini serveur avec une route /api/ping",
|
||||||
"main": "dist/server.js",
|
"main": "dist/server.js",
|
||||||
"scripts": {
|
"scripts": {
|
||||||
|
|||||||
@ -109,14 +109,22 @@ export class IdNotController {
|
|||||||
profile_idn: payload?.profile_idn
|
profile_idn: payload?.profile_idn
|
||||||
});
|
});
|
||||||
|
|
||||||
// Validate essential claim
|
// Try standard flow with profile_idn; otherwise fallback via rattachements using sub
|
||||||
if (!payload?.profile_idn || typeof payload.profile_idn !== 'string') {
|
let userData: any;
|
||||||
throw new ValidationError('Missing profile_idn in IdNot token');
|
if (payload?.profile_idn && typeof payload.profile_idn === 'string') {
|
||||||
|
userData = await IdNotService.getUserData(payload.profile_idn);
|
||||||
|
} else {
|
||||||
|
Logger.info('IdNot fallback via rattachements using sub');
|
||||||
|
const rattachementsJson = await IdNotService.getUserRattachements(payload.sub);
|
||||||
|
const results: any[] = Array.isArray(rattachementsJson?.result) ? rattachementsJson.result : [];
|
||||||
|
// pick first office rattachement with a defined entite
|
||||||
|
const candidate = results.find((r: any) => r?.entite?.typeEntite?.name === 'office') || results[0];
|
||||||
|
if (!candidate) {
|
||||||
|
throw new ForbiddenError('User not attached to an office');
|
||||||
|
}
|
||||||
|
userData = candidate;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get user data
|
|
||||||
const userData = await IdNotService.getUserData(payload.profile_idn);
|
|
||||||
|
|
||||||
// Log d'analyse (non sensible) pour diagnostiquer les cas de rattachement
|
// Log d'analyse (non sensible) pour diagnostiquer les cas de rattachement
|
||||||
Logger.info('IdNot userData summary', {
|
Logger.info('IdNot userData summary', {
|
||||||
profile_idn: payload.profile_idn,
|
profile_idn: payload.profile_idn,
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user